CN103647641A - Deterministic key pre-distribution for mobile body sensor networks - Google Patents
- Publication number
- CN103647641A CN201310505760.3A
- Authority
- CN
- China
- Prior art keywords
- key
- node
- base station
- individual
- bsn
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/88—Medical equipments
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Arrangements For Transmission Of Measured Signals (AREA)
- Measuring And Recording Apparatus For Diagnosis (AREA)
Abstract
A wireless network (2, 150) for monitoring a patient includes a body sensor network (22, 24, 26, 172, 174, 176) that includes one or more wireless sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) operatively connected to the patient that collect and transfer information related to the patient's health to the wireless network (2, 150). A set-up server (4, 154) configures the one or more wireless sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) with keying material before the one or more sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) are deployed to the wireless network (2, 150). A base station (178, 180) distributes a key certificate to the one or more sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) associated with the body sensor network (22, 24, 26, 172, 174, 176), such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station (178, 180).
Description
Background of the invention
The following relates to wireless networks. It finds particular application in establishing secure communication of information within a wireless body sensor network. However, it should be understood that the invention can also be applied to providing secure communication between other wireless devices and other wireless repeaters.
Mobile body sensor networks (BSNs) have received attention for medical applications and are generally used for patient care and monitoring. A BSN includes data-collection nodes and, optionally, control nodes. Sensor nodes are battery powered, have limited computational capability and memory, and rely on intermittent wireless communication via radio frequency. Conventionally, a large group (e.g., thousands) of interoperable nodes is deployed in a medical area such as a hospital, and the nodes then spontaneously join, by different means, to form different disconnected BSNs. A BSN is usually composed of a small subset (from 2 to 50 nodes) of all the nodes, e.g., the nodes assigned to an individual patient in the medical area. A priori, the size and membership of a BSN are unknown: BSN nodes may be present at the moment of BSN formation or may be added and deleted afterwards. Some nodes have limited mobility after the BSN is formed, while other nodes are highly mobile and often roam across different independent BSNs formed in the same area (e.g., data-collection and control nodes carried by staff, sensors worn by individuals, etc.). Some nodes might be left unattended. The lifetime of a BSN is limited to a few days, weeks, months, etc. The lifetime of a sensor node is typically longer than the lifetime of a BSN instance. BSNs are formed in public or hostile areas, where communication can be monitored by malicious parties and sensor nodes are subject to capture and manipulation by them. Crosstalk between the nodes of BSNs associated with different patients could compromise the medical validity of the sensed data.
These challenging operational requirements place equally challenging security constraints on BSN design. Security services for BSNs include authentication and communication security. Typically, key management services provide and manage the basic security material needed to satisfy these security services. The computational and communication constraints of BSN sensor nodes make it infeasible to use any security solution based on public-key cryptography. The ad hoc nature of BSNs and their operational requirements make typical online server-based solutions inappropriate as well.
Key management based on key pre-distribution schemes (KPS) is one option for BSNs. The need for unique node authentication and key establishment, independently of BSN membership and size, imposes strict requirements on a KPS for BSNs. However, existing KPS proposals are of limited use for BSNs. First, network-wide key pre-distribution does not offer enough security or cannot be managed in BSNs. Second, the usual KPS is neither scalable nor manageable in BSNs. Third, the resilience and scalability of Blundo's KPS (Perfectly Secure Key Distribution for Dynamic Conferences. In Advances in Cryptology – CRYPTO '92, Springer-Verlag, Berlin, 1993, pp. 471-486) are limited by the memory and computational power of sensor nodes. Fourth, random key pre-distribution does not offer good connectivity properties for BSNs with a limited number of nodes. Finally, the deterministic KPS of Çamtepe and Yener, based on combinatorial design theory (Combinatorial Design of Key Distribution Mechanisms for Wireless Sensor Networks. In Proc. of Computer Security – ESORICS, Springer-Verlag, LNCS 3193, 2004, pp. 293-308), has compatible connectivity properties and moderate resilience for BSNs, but does not provide unique pairwise keys.
Basagni et al. (Secure pebblenets. In Proc. of the 2nd ACM International Symposium on Mobile Ad Hoc Networking and Computing, pp. 156-163, 2001) propose a key management scheme that protects sensor communication by periodically updating a group symmetric key shared by all sensor nodes. This scheme assumes tamper-resistant sensors and a distributed sensor network (DSN)-wide connected management infrastructure, which is not applicable to BSNs (a large-scale DSN can be regarded as the interconnection of multiple BSNs with distinct operational and networking differences; alternatively, BSNs can be regarded as multiple disconnected splits of a large-scale DSN).
Perrig et al. (SPINS: Security protocols for sensor networks. In Proc. of MOBICOM, 2001) propose SPINS, a security architecture designed specifically for sensor networks. In SPINS, each sensor node shares a secret key with the base station. Two sensor nodes cannot establish a secret key directly. However, they can use the base station as a trusted third party to set up the secret key. In BSNs, a base station may not be available at the moment of key establishment.
Blundo et al. propose a polynomial-based KPS to derive group keys. For groups of two users, Blundo's key pre-distribution scheme can be used to establish pairwise keys in BSNs. A set-up server randomly generates a symmetric bivariate polynomial of degree λ over a finite field F_q, where q is a prime number large enough to accommodate a cryptographic key. According to symmetry, . The set-up server computes a polynomial share ( ) for each sensor u and distributes it to that sensor. Each sensor u has a unique identifier. After the deployment phase, for any two nodes u and v, node u can compute the common key by evaluating its polynomial share at point v, and node v can compute the same key by evaluating its polynomial share at point u.
The resilience α of Blundo's KPS is α = λ + 1, i.e., an attacker needs to compromise α sensors to be able to generate the pairwise keys of non-compromised sensors. Each sensor node u needs to store a λ-degree polynomial share , which occupies a memory space of . It should be understood that λ is limited by the memory m available on the sensor, i.e., m >= λ + 1 keys. There is no communication overhead during the pairwise key establishment process. To establish a pairwise key, both sensor nodes need to evaluate the polynomial at the ID of the other sensor node. This requires λ modular multiplications and λ modular additions in F_q, which can be costly on sensors with limited CPU capabilities.
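The scheme and its resilience bound can be exercised end to end. The following Python sketch is an added example, not code from the patent; it assumes a constructed prime q = 2^61 - 1 and small integer node IDs, and all function names are illustrative. It shows that two nodes derive the same key from their shares, and that λ + 1 pooled shares reproduce a key between two other nodes while λ shares do not.

```python
import secrets

# Constructed parameter: a 61-bit Mersenne prime standing in for the page's
# "large prime q"; a real deployment sizes q to the required key length.
Q = 2**61 - 1


def generate_polynomial(lam, q=Q):
    """Set-up server: random symmetric coefficient matrix a[i][j] = a[j][i]
    of f(x, y) = sum a[i][j] * x^i * y^j, degree lam in each variable."""
    a = [[0] * (lam + 1) for _ in range(lam + 1)]
    for i in range(lam + 1):
        for j in range(i, lam + 1):
            a[i][j] = a[j][i] = secrets.randbelow(q)
    return a


def make_share(a, node_id, q=Q):
    """Set-up server: share for one node, i.e. the lam + 1 coefficients of
    the univariate polynomial f(node_id, y)."""
    share = []
    for j in range(len(a)):
        acc = 0
        for i in range(len(a) - 1, -1, -1):  # Horner's rule in x
            acc = (acc * node_id + a[i][j]) % q
        share.append(acc)
    return share


def pairwise_key(share, peer_id, q=Q):
    """Node side: evaluate the stored share at the peer's ID."""
    acc = 0
    for coeff in reversed(share):  # Horner's rule in y
        acc = (acc * peer_id + coeff) % q
    return acc


def key_from_pooled_shares(pooled, target_a, target_b, q=Q):
    """Resilience check: Lagrange-interpolate f(target_a, target_b) in x from
    the shares in `pooled` ({node_id: share}). The result equals the real key
    only when at least lam + 1 shares are pooled."""
    total = 0
    for k, share_k in pooled.items():
        num, den = 1, 1
        for m in pooled:
            if m != k:
                num = num * (target_a - m) % q
                den = den * (k - m) % q
        basis = num * pow(den, q - 2, q) % q  # modular inverse via Fermat
        total = (total + basis * pairwise_key(share_k, target_b, q)) % q
    return total


def demo(lam=3):
    """Constructed scenario: nodes 1..7, nodes 1 and 2 are the honest pair."""
    poly = generate_polynomial(lam)
    shares = {node: make_share(poly, node) for node in range(1, 8)}
    k_uv = pairwise_key(shares[1], 2)
    k_vu = pairwise_key(shares[2], 1)
    enough = {n: shares[n] for n in (3, 4, 5, 6)}  # lam + 1 captured nodes
    too_few = {n: shares[n] for n in (3, 4, 5)}    # lam captured nodes
    return {
        "keys_agree": k_uv == k_vu,
        "share_size": len(shares[1]),
        "broken_with_lam_plus_1": key_from_pooled_shares(enough, 1, 2) == k_uv,
        "broken_with_lam": key_from_pooled_shares(too_few, 1, 2) == k_uv,
    }


if __name__ == "__main__":
    print(demo())
```

The share size of λ + 1 field elements is the storage cost that ties λ, and therefore the resilience, to the memory available on each sensor.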
Liu et al. (Establishing pairwise keys in distributed sensor networks. In Proc. of the 10th ACM Conference on Computer and Communications Security (CCS), 2003, pp. 52-61) introduced an improved polynomial evaluation algorithm to accommodate the restrictions imposed by low-bit CPUs that lack a division instruction, thereby reducing the computational requirements on sensors. This is achieved by reducing the length in bits of the λ-degree bivariate polynomial coefficients to and by choosing of the form .
Liu et al. proved that a key of bits can be composed by concatenating the t partial keys generated with t λ-degree bivariate polynomial shares with coefficients over F_q', without a significant loss of security, i.e., the resulting -bit key possesses similar entropy to a key generated with a λ-degree bivariate polynomial with coefficients over F_q, where . The joint set of t λ-degree bivariate polynomials with coefficients over F_q' is referred to as a t-polynomial-set . The t-polynomial-set evaluated at point u is hereafter referred to as a t-polynomial-set share.
The downside of this technique is that a polynomial over F_q' can only accommodate a maximum of q' - 1 (instead of q - 1) sensors. In particular, polynomials over F_q' combined in parallel (a t-polynomial-set) can only accommodate a maximum of N' = q' - 1 nodes. For instance, for 8-bit CPUs, q' = 2^8 + 1 offers optimal computational performance, but the maximum number of nodes N' is then 256. A property that still holds is that each bivariate polynomial over F_q', and thus a t-polynomial-set, is λ-collusion resistant. The polynomial splitting technique can be applied to any polynomial-based KPS, subject to a certain lower bound on λ imposed by q, q' and the number of polynomials over F_q' used by the KPS.
A balanced incomplete block design (BIBD) is an arrangement of v distinct objects into b blocks such that each block contains exactly k distinct objects, each object occurs in exactly r different blocks, and every pair of distinct objects occurs together in exactly t blocks. The design can be expressed as (v, k, t), or equivalently as (v, b, r, k, t), where t(v - 1) = r(k - 1) and bk = vr.
In a symmetric BIBD (SBIBD), b = v and, therefore, k = r. An SBIBD has four properties: every block contains k = r elements; every element occurs in k = r blocks; every pair of elements occurs in t blocks; and every pair of blocks intersects in t elements.
Given a block design D = (v, k, t) with a set S of |S| = v objects and a set B of |B| = b blocks, where each block contains exactly k objects, the complementary design has the complement blocks as its blocks for 1 ≤ i ≤ b. The complementary design is a BIBD with parameters (v, b, b - r, v - k, b - 2r + t), where b - 2r + t > 0. If D = (v, k, t) is an SBIBD, then the complementary design is also an SBIBD.
Finite projective planes (FPPs) are a subset of SBIBDs of special interest for key pre-distribution. An FPP is an SBIBD with parameters (n^2 + n + 1, n + 1, 1). An FPP exists for any prime power n, where n >= 2. An FPP of order n has four properties: (i) every block contains exactly n + 1 points; (ii) every point occurs on exactly n + 1 blocks; (iii) there are exactly n^2 + n + 1 points; and (iv) there are exactly n^2 + n + 1 blocks. Çamtepe and Yener (Combinatorial Design of Key Distribution Mechanisms for Wireless Sensor Networks. In Proc. of Computer Security – ESORICS, Springer-Verlag, LNCS 3193, 2004, pp. 293-308) apply SBIBD designs to key pre-distribution in SNs.
Assume an FPP with parameters (n^2 + n + 1, n + 1, 1) whose elements belong to a set S, where |S| = n^2 + n + 1. Using the terminology of Eschenauer and Gligor (A key-management scheme for distributed sensor networks. In Proc. of the 9th ACM Conference on Computer and Communications Security, pp. 41-47, 2002), S is associated with a key pool, i.e., each element in S is associated with a distinct random key. Further, each block of the FPP is associated with a key ring. The properties of FPPs guarantee that any pair of key rings (blocks) has 1 random key (element) in common.
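An added example, not part of the patent: the sketch below builds an FPP of prime order n from homogeneous coordinates over GF(n) (a standard construction chosen here for brevity; prime powers that are not prime are not handled), treats points as key-pool indices and blocks as key rings, and checks the properties stated above. Function names are illustrative. It also lists which key rings hold a given key, which is n + 1 rings for every key.

```python
from itertools import combinations


def is_prime(n):
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def build_fpp(n):
    """Blocks of the projective plane of prime order n.

    Points and lines are both the normalised triples below (first non-zero
    coordinate equal to 1); a point lies on a line when their dot product is
    0 mod n. Returns one frozenset of point indices per block (key ring)."""
    if not is_prime(n):
        raise ValueError("this construction only handles prime n")
    triples = [(1, y, z) for y in range(n) for z in range(n)]
    triples += [(0, 1, z) for z in range(n)]
    triples.append((0, 0, 1))
    blocks = []
    for line in triples:
        blocks.append(frozenset(
            idx for idx, point in enumerate(triples)
            if sum(a * b for a, b in zip(line, point)) % n == 0))
    return blocks


def check_design(blocks, n):
    """Summarise the four FPP properties plus the pairwise intersections."""
    v = n * n + n + 1
    occurrences = [sum(p in blk for blk in blocks) for p in range(v)]
    return {
        "blocks": len(blocks),
        "block_sizes": {len(b) for b in blocks},
        "point_occurrences": set(occurrences),
        "pair_intersections": {len(a & b) for a, b in combinations(blocks, 2)},
    }


def common_key(blocks, ring_a, ring_b):
    """Index of the single pool key shared by two distinct key rings."""
    (key,) = blocks[ring_a] & blocks[ring_b]
    return key


def rings_holding(blocks, key):
    """All key rings that contain a given pool key."""
    return [i for i, blk in enumerate(blocks) if key in blk]


if __name__ == "__main__":
    n = 3
    rings = build_fpp(n)
    print(check_design(rings, n))
    shared = common_key(rings, 0, 5)
    print("rings 0 and 5 share key", shared,
          "also held by rings", rings_holding(rings, shared))
```

Because each key sits in n + 1 rings, the key two nodes agree on is also known to n - 1 other nodes, so the shared key alone does not identify the peer.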
For a sensor network (SN) of N nodes, with a total of N key rings, an FPP with n^2 + n + 1 >= N blocks needs to be constructed using the set S. This provides n^2 + n + 1 >= N key rings, each having k = n + 1 keys and one key in common. The memory required on the nodes is therefore (n + 1) × log q (equivalent to m = n + 1). A clever attacker needs to capture α = k = n + 1 nodes to be able to compromise the SN.
Each sensor node of the N-node SN receives a different key ring. Note that every two nodes share a specific key. In fact, because of the properties of FPPs, every n + 1 sensors share the same specific key. Consequently, the keys of this KPS cannot be used for unique authentication of nodes. A second, related problem is that it is not always possible to find an FPP in which (i) n is a prime power and (ii) n^2 + n + 1 >= N, under the constraint m >= n + 1.
Çamtepe and Yener solve the above problems by constructing a hybrid design, which includes the n^2 + n + 1 blocks of an FPP (n^2 + n + 1, n + 1, 1) and N - n^2 + n + 1 arbitrarily selected (n + 1)-element sub-blocks of the complementary design (n^2 + n + 1, n^2, n^2 - n), where n < m - 1 (i.e., the size of the key ring is now m >= k > n + 1). The side effects are: (i) k > n + 1; (ii) some specific keys are shared by more than n + 1 nodes; (iii) some pairs of nodes may share up to n^2 - n keys; and (iv) at least N - n^2 + n + 1 blocks do not have a key in common. Therefore, because of (iv), at least N - n^2 + n + 1 cannot directly establish a common key and, because of (i), (ii) and (iii), α ≤ n + 1 < k ≤ m, i.e., the network resilience is reduced.
In recent years, a number of random key management schemes based on key pre-distribution have been proposed to secure the communication infrastructure of large-scale DSNs. These schemes assume DSN-wide connectivity based on the assumptions that a sensor node is able to connect wirelessly to a minimum degree of neighbor nodes (e.g., nodes in wireless communication range) and that sensor nodes have very restricted mobility after deployment. These schemes aim at maximum DSN-wide secure connectivity and network resilience while satisfying the operational constraints of DSNs. In random key pre-distribution schemes, each node receives, before deployment, a random subset of keys from a large key pool. To agree on a key for secure communication with a certain probability, two neighbor nodes find one common key within their subsets and use that key as their shared secret key. Two sensor nodes that do not find a common key make use of other trusted nodes in their neighborhood, or even some hops away, to help establish a common key. Random pairwise key pre-distribution schemes based on Blom's scheme (An optimal class of symmetric key generation systems. In Proc. of the EUROCRYPT 84 workshop on Advances in Cryptology: Theory and Application of Cryptographic Techniques, pp. 335-338, 1985) or on Blundo's scheme enhance the former by increasing network resilience and additionally providing node authentication.
However, random key pre-distribution schemes are not suited to securing BSNs. First, because of the small degree of neighboring nodes, a BSN does not allow two arbitrary nodes to establish a common key directly or indirectly. Second, because of the possibility of node capture, node authentication must be performed directly, without any intermediaries.
Since independent BSNs are not interconnected, the centralized or distributed global intrusion detection systems (IDS) proposed for DSNs or ad hoc networks cannot be used in BSNs. A compromised node might be detected in a BSN, but conventional systems and methods cannot effectively distribute this information to the rest of the nodes in other BSNs. Therefore, BSNs are far more vulnerable to node replication attacks than a large-scale DSN. In hospitals, for example, attacks from a clever attacker are the biggest threat to BSN security. Although not clearly stated in the literature, the network resilience of previous key pre-distribution schemes against node capture and node replication depends strongly on the existence of a DSN-wide effective IDS. The resiliency of the network is defined as the number λ of nodes that an attacker needs to capture to compromise a fraction of total DSN communications. A clever attacker does not need to capture and tamper with λ nodes to mount an attack. It is enough for the clever attacker to capture one node or a small fraction of nodes and use the compromised keys to attack the network. In fact, to go undetected, the attacker does not try to disrupt the operation of the network, but attempts to read or modify confidential information or even inject false messages. In this manner, the attacker can acquire and/or inject the desired information without even having to waste his own resources on compromising other network communications.
Finally, in some schemes a neighbor-assisted key establishment mechanism is needed to achieve a high degree of secure DSN connectivity. An attacker with the appropriate keys can obtain assistance from one or more adjacent nodes, from the nodes adjacent to those nodes, and so on, to establish keys with the complete neighborhood. If secure connectivity is sacrificed for improved security by restricting the key establishment assistance of a node's neighbors, the attacker can still move and try to attack as many neighborhoods as possible. An effective and secure key management scheme must take the clever attacker into account, especially in BSN settings.
What is needed is a key pre-distribution scheme that enables authentication, confidentiality and integrity services and provides enhanced network secure connectivity, resilience and scalability together with optimal performance efficiency. Also needed is a key management scheme that controls the usage of pre-distributed keys and is suited to the operational conditions of BSNs. The present invention contemplates improved apparatus and methods that overcome the aforementioned limitations and others.
Summary of the invention
According to one aspect, a wireless network for monitoring a patient comprises a body sensor network consisting of one or more wireless sensors operatively connected to the patient that collect information related to the patient and transfer it to the wireless network. A set-up server configures the one or more wireless sensors with keying material before the one or more sensors are deployed to the wireless network. A mobile base station distributes a key certificate to the one or more sensors associated with the body sensor network, wherein two sensors generate a unique pairwise key based at least in part on the pre-distributed keying material and the key certificate distributed by the base station.
According to another aspect, a wireless network comprises a network consisting of one or more wireless nodes and a set-up server that configures the one or more wireless nodes with keying material before the one or more nodes are deployed to the wireless network. A base station distributes a key certificate to the one or more sensors associated with the network, wherein two nodes generate a unique pairwise key based at least in part on the pre-distributed keying material and the key certificate distributed by the base station.
According to yet another aspect, a method evaluates and distributes t-polynomial-set shares using a combinatorial distribution in order to maximize the scalability, resilience and performance efficiency of a wireless system, and includes pre-distributing a security key, via a set-up server, to a sensor node u and a sensor node v that communicate on the wireless system.
According to yet another aspect, a method identifies a sensor u in a mobile sensor system, and includes forming a finite projective plane (n^2 + n + 1, n + 1, 1) from a set of n - 1 mutually orthogonal Latin squares of order n, where n is a prime power. From the sensor identifier of u, a sensor v efficiently discovers a common t-polynomial-set share and efficiently derives a t-polynomial-set share evaluation point.
One advantage of the present invention is that it provides security keys to a large population of sensor nodes while optimizing communication, computational and storage efficiency on battery-, CPU- and memory-constrained nodes.
Another advantage is that it provides enhanced security strength to the pre-distributed security keys assigned to a large population of sensor nodes.
Yet another advantage is that the security provided is transparent to the users of the wireless network.
Another advantage is that the security provided enables unique identity authentication of any arbitrary pair of sensor nodes (of a large population of sensors) and the establishment of trust relationships independently of the density or size of the sensors' wireless neighborhood.
Another advantage is that the security mitigates the extent to which the wireless network can be compromised.
Numerous additional advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments.
Brief description of the drawings
The invention may take form in various components and arrangements of components, and in various steps and arrangements of steps. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention.
Fig. 1 illustrates a mobile sensor system that employs a set-up server to configure keying material in a plurality of sensors during a pre-deployment phase.
Fig. 2 illustrates a methodology to provide secure communication between pairs of wireless sensors using unique pairwise keys.
Fig. 3 also shows how a sensor ID is used in a mobile sensor system such as the system in Fig. 1.
Fig. 4 illustrates another method of identifying a sensor in a mobile sensor system such as the system in Fig. 1. Fig. 4 also shows how a sensor ID is used in a mobile sensor system such as the system in Fig. 1.
Fig. 5 illustrates a methodology to discover a common t-polynomial-set share.
Fig. 6 illustrates a methodology to derive a t-polynomial-set share evaluation point.
Fig. 7 illustrates a mobile sensor system that employs a set-up server to configure keying material in a plurality of sensors during a pre-deployment phase.
Fig. 8 illustrates a mobile sensor system that employs a security server and base stations to enable secure communication between a plurality of sensors in the mobile sensor system and the corresponding body sensor networks during a post-deployment phase.
Fig. 9 illustrates a key pre-distribution method that employs Blom's symmetric key pre-distribution scheme.
Fig. 10 illustrates a key pre-distribution method that employs Blundo's scheme for key pre-distribution.
Fig. 11 illustrates a method to certify pre-distributed keys.
Fig. 12 illustrates a method to manage pre-distributed keys.
Fig. 13 illustrates a method to manage pre-distributed keys.
Fig. 14 illustrates a method to manage pre-distributed keys.
Fig. 15 illustrates a method to manage pre-distributed keys.
Embodiments
Deterministic pairwise key pre-distribution system (DPKPS) and methods
Fig. 1 illustrates a mobile sensor system 2 that includes a set-up server 4, a plurality of wireless sensors 6, 8, 10, 12, 14, 16, 18, 20 and a plurality of body sensor networks 22, 24, 26. The set-up server 4 is a security-dedicated server that actively participates in security operations only before the sensors are deployed. The wireless sensors 6-20 connect to the set-up server 4 in an initial configuration phase (e.g., pre-deployment) before the sensors 6-20 are used. The set-up server 4 typically resides in a physically protected perimeter that is accessible only to authorized personnel. During the deployment phase, the wireless sensors do not have any means of contacting the set-up server. The deployment area is typically publicly accessible. The wireless sensors 6-20 are nodes in charge of collecting and transferring patient medical data. Any of the sensors 6-20 establishes wireless connections with one or more of the sensors 6-20. Sensor nodes are memory, battery and CPU constrained. The body sensor networks (BSNs) 22-26 are collections of wirelessly networked sensor nodes, which may be attached to one or more patients (not shown). BSNs are typically bandwidth constrained because of the large number of nodes in the system. For example, in a hospital environment there might be hundreds or thousands of BSNs (e.g., one per patient).
BSN applications require keys of log q bits. According to one embodiment, , t >= 1. Fixing q to the required security level (e.g., 64 bits), polynomials over F_q' can be calculated and the polynomial optimization of Liu et al. applied to obtain a key of log q bits. The joint set of t λ-degree bivariate polynomials with coefficients over F_q' is referred to as a t-polynomial-set . The t-polynomial-set evaluated at point u is hereafter referred to as a t-polynomial-set share.
Fig. 2 illustrates a methodology 30 that consists of a set-up method 32, a key pre-deployment method 34, a t-polynomial-set share discovery method 36 and a key establishment method 38, which are employed to establish unique pairwise keys between sensors, as in the system 2 above. At 32, the set-up server generates t-polynomial-set shares and a combinatorial design that can be used to accommodate N sensors, where N is the size of the group of interoperable nodes and is an integer greater than or equal to 1. At 34, the set-up server distributes the t-polynomial-set shares to each sensor according to the combinatorial distribution. Once deployed, at 36, two arbitrary sensors u and v find out which t-polynomial-set share they have in common. At 38, the two arbitrary sensors u and v generate a unique pairwise key by evaluating their common t-polynomial-set share.
One aspect of the present embodiment increases the scalability of a KPS based on t-polynomial-sets without decreasing its resilience, while maintaining optimal node performance efficiency. In one approach, n + 1 t-polynomial-sets are distributed to each node u following an FPP-(n^2 + n + 1, n + 1, 1) (i.e., by associating N'/(n + 1) distinct shares of each t-polynomial-set with each element b_i,j, j = 1 … n + 1, of the blocks B_i, i = 1 … n^2 + n + 1, belonging to the FPP). Because of the properties of FPPs, two arbitrary nodes u and v, each holding n + 1 t-polynomial-set shares distributed according to the elements of different blocks B_i, B_j ∈ FPP, i ≠ j, share one t-polynomial-set, which they can use to compute a unique pairwise key of log q bits. Similarly, two nodes each holding n + 1 t-polynomial-set shares distributed according to the elements of the same block B_i ∈ FPP have n + 1 t-polynomial-set shares in common. In this way, the nodes can use any of the n + 1 t-polynomial-set shares to compute a unique pairwise key of log q bits.
This technique makes it possible to increase the scalability of the KPSs of Blundo et al. and of Çamtepe and Yener without any loss of network resilience, while keeping optimal computational performance and the possibility of sharing a unique pairwise key. In addition, this approach solves the FPP existence problem of the Çamtepe and Yener KPS without reducing network resilience or direct trust connectivity.
In 32, the set-up server randomly generates a set of $t \times (n^2+n+1)$ bivariate polynomials of degree $\lambda$ over $F_{q'}$. Subsequently, for $j = 1 \dots n^2+n+1$, the set-up server sequentially selects $t$ polynomials and forms $n^2+n+1$ $t$-polynomial-sets. It then generates an FPP-$(n^2+n+1, n+1, 1)$ whose elements belong to a set $S$, where $|S| = n^2+n+1$. The set $S$ is associated with the polynomial pool: each element $j$ of $S$ is associated with a different $t$-polynomial-set. In addition, each block of the FPP is associated with a polynomial ring. The properties of the FPP guarantee that any pair of polynomial rings (blocks of the FPP) has one $t$-polynomial-set (element $k$) in common.
In 34, each sensor node $u$ receives $n+1$ $t$-polynomial-set shares from the set-up server, where $p_{u,j} \in F_{q'}$, $b_{i,j} \in B_i \in$ FPP and $j = 1 \dots n+1$. The point $p_{u,j}$ must be taken from the finite field $F_{q'}$. This restricts $p_{u,j}$ to $q'-1$ different possible values. However, the number $N$ of sensors to be supplied may be greater than $q'-1$. To guarantee the uniqueness of pairwise keys, two different sensors $u$ and $v$ cannot hold the same $t$-polynomial-set evaluated at the same point $p_k$. Since each $t$-polynomial-set $F_j(x, y)$, $j = 1 \dots n^2+n+1$, can be evaluated at $N' = q'-1$ different points, and the index $j$ of $F_j(x, y)$ appears in $n+1$ FPP blocks, each of these blocks (in which $j$ appears) should be used to pre-distribute different shares of $F_j(x, y)$ to no more than $N'/(n+1)$ different sensors. The key pre-distribution process for supplying $N \le N'n(1 - 1/(n+1)) + N'$ nodes uses the following steps:
1. Starting with the first block $B_1$ of the FPP, with elements $b_{1,1}, \dots, b_{1,n+1}$, the first node ($u_1$) receives the $t$-polynomial-set shares  to  evaluated at point $p_1$ of $F_{q'}$; the second sensor ($u_2$) receives  to  evaluated at point $p_2$, and so on; until the $N'/(n+1)$-th sensor ($u_{N'/(n+1)}$) receives  to  evaluated at point $p_{N'/(n+1)}$,
2. Next, proceeding with the second block $B_2$ of the FPP, with elements $b_{2,1}, \dots, b_{2,n+1}$, and assuming $b_{1,1} = b_{2,1}$, the sensor receives  evaluated at point $p_{1+N'/(n+1)}$ (because  was evaluated at the lower points for sensors $u_1 \dots u_{N'/(n+1)}$), and  to  evaluated at point $p_1$; and so on, and
3. Repeat steps 1 and 2 using all the blocks of the FPP so as to supply the $N$ nodes of the system.
In 36, the $t$-polynomial-set share is discovered. After deployment, and before a pairwise key is established, each sensor node $u$ must discover which $t$-polynomial-set it shares with its partner node $v$. To this end, nodes $u$ and $v$ exchange their IDs, which implicitly contain the indices of the $n+1$ $t$-polynomial-set shares they carry and the points at which the respective $n+1$ $t$-polynomial-set shares are evaluated. Finally, they find the index $k$ (corresponding to the common $t$-polynomial-set $F_k(x, y)$) and the respective evaluation points $p_u$ and $p_v$.
In 38, the key is established. To compute the pairwise key $K_{uv}$, node $u$ evaluates at point $p_v$ the $t$ bivariate polynomials of degree $\lambda$, $i = 1 \dots t$ (included in $F_k(p_u, y)$), to obtain $t$ partial keys. Node $u$ then truncates the $t$ partial keys to $\log q'$ bits and concatenates the $t$ key segments to form the final pairwise key $K_{uv}$ of $\log q$ bits.
Simple sensor ID
Fig. 3 illustrates a method 50 of identifying a sensor $u$ in a DPKPS. In 52, the $n+1$ indices $b_{i,1}, \dots, b_{i,n+1}$ of the $n+1$ $t$-polynomial-set shares it carries are concatenated with the $n+1$ points at which those $t$-polynomial-set shares are evaluated. In 54, such an ID uniquely identifies sensor $u$, and in 56 it allows the common $t$-polynomial-set share and the $t$-polynomial-set share evaluation point to be discovered very simply.
In 58, the common $t$-polynomial-set share is discovered using the simple sensor ID. Two sensors $u$ and $v$ find out which index, e.g. index $k$, their respective IDs have in common. In 60, the $t$-polynomial-set share evaluation point is derived by taking the $k$-th point contained in the simple sensor ID.
Optimized sensor ID
Because using the simple sensor ID significantly increases the storage and communication costs of the DPKPS as $n$ grows, an alternative, optimized sensor ID method can be adopted that exploits the properties of FPPs based on mutually orthogonal Latin squares (MOLS). For practical values of $n$, this optimized method constructs sensor IDs of very short length.
Fig. 4 shows a methodology 70 for identifying sensors in a mobile sensor system such as system 2 above.
An FPP $(n^2+n+1, n+1, 1)$ is formed from $n-1$ mutually orthogonal Latin squares (MOLS) of order $n$. A Latin square is an $n \times n$ square matrix $L$ whose entries consist of $n$ symbols such that each symbol appears exactly once in each row and each column. The integers from 1 to $n$ are used as these symbols. A very simple way to construct $L$ is to place the integers $1, 2, \dots, n$ in their natural order in the first row and, for each consecutive row, to cyclically rotate the previous row to the right.
In 72, mutually orthogonal Latin squares (MOLS) are formed. Two Latin squares on $n$ symbols $1, 2, \dots, n$ are orthogonal if, when they are superimposed, each of the $n^2$ pairs of symbols appears exactly once. A set of Latin squares $L_1, L_2, \dots, L_t$ of the same order $n$, each of which is an orthogonal mate of each of the others, is called a set of MOLS. A set of $n-1$ MOLS of order $n$ is a complete set.
Given a pair of orthogonal Latin squares, consider the cells of the first square that contain a particular symbol $l_1$. By the properties of Latin squares, there is only one of these cells in each row and column. By orthogonality, the $n$ entries in the cells of the orthogonal mate that correspond to those cells of the first square form a transversal in the orthogonal mate, i.e. the $n$ entries contain every symbol exactly once, and each of these cells lies in a different row and column.
For the case where $n$ is a prime power, the set of polynomials of the form $f_a(x, y) = ax + y$, $a \ne 0 \in F_n$, represents a complete set of $n-1$ MOLS of order $n$. This leads to a very simple construction method: let $e_1, e_2, \dots, e_n$ be the elements of $F_n$ (i.e. the integers $1 \dots n$). Then, for each element $e_m$, $m = 1, 2, \dots, n$, the elements of the matrix are computed sequentially by the following formula:
In 74, a finite projective plane (FPP) is constructed from the MOLS. Let $L_1, L_2, \dots, L_{n-1}$ be a complete set of MOLS of order $n$, and let $M$ be an $n \times n$ matrix. First, construct the matrix $M$ by placing the $n^2$ integers $1 \dots n^2$ in their natural order from the first row to the $n$-th row. Second, generate an affine plane AG$(2, n)$ of order $n$ from the MOLS as follows: (i) the first $n$ blocks are the rows of $M$; (ii) the next $n$ blocks are the columns of $M$; and (iii) the remaining $n^2 - n$ blocks are formed by superimposing each Latin square in turn on $M$ and taking as a block the elements of $M$ that correspond to a single symbol of that square. Since each Latin square contains $n$ different symbols, each superimposition yields $n$ blocks. Finally, to obtain an FPP $(n^2+n+1, n+1, 1)$: (i) add the new integer $n^2+1$ to the first $n$ blocks of the affine plane, (ii) add the new integer $n^2+2$ to the next $n$ blocks, (iii) add the integer $n^2+2+e_m$ to the $n$ blocks constructed from each Latin square, and (iv) add a new block to the design that contains the $n+1$ newly added integers.
Given $n$ and $i$, it is easy to reconstruct a block $B_i \in$ FPP, $1 < i \le 2n$. For example, for $n = 3$, block $B_4$ is built from the first column of $M_{3 \times 3}$ and the integer 11: $B_4 = (1, 4, 7, 11)$. For blocks $B_i \in$ FPP, $2n < i \le n^2+n$, the index $i$ also implicitly identifies the index $e_m$, $1 \le e_m \le n-1$, of the Latin square from which $B_i$ is generated. For example, for $n = 3$, block $B_{12}$ is generated from $L_2$. To reconstruct one of these blocks $B_i$ ($2n < i \le n^2+n$), the element  is additionally needed.
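The construction in 74 and the two reconstruction examples above ($B_4$ and $B_{12}$ for $n = 3$), as an added example that is not part of the patent text. It assumes $n$ is prime, so that arithmetic modulo $n$ stands in for $F_n$ with symbols $0 \dots n-1$; the function names are illustrative.

```python
"""Build FPP-(n^2+n+1, n+1, 1) from MOLS, following the construction steps above.

Assumption (added example): n is prime, so F_n is arithmetic modulo n with
symbols 0..n-1, and Latin square number a is L_a[x][y] = (a*x + y) mod n.
"""
from itertools import combinations


def mols(n):
    """Complete set of n-1 mutually orthogonal Latin squares of prime order n."""
    if n < 2 or any(n % d == 0 for d in range(2, int(n ** 0.5) + 1)):
        raise ValueError("this sketch only handles prime n")
    return [[[(a * x + y) % n for y in range(n)] for x in range(n)]
            for a in range(1, n)]


def build_fpp(n):
    """Return the n^2+n+1 blocks B_1..B_{n^2+n+1} (list index 0 holds B_1)."""
    squares = mols(n)
    # M: the integers 1..n^2 in natural order, row by row.
    M = [[r * n + c + 1 for c in range(n)] for r in range(n)]
    blocks = []
    for r in range(n):                        # (i) rows of M, plus n^2+1
        blocks.append(M[r] + [n * n + 1])
    for c in range(n):                        # (ii) columns of M, plus n^2+2
        blocks.append([M[r][c] for r in range(n)] + [n * n + 2])
    for e_m, square in enumerate(squares, start=1):
        for symbol in range(n):               # (iii) one block per symbol of L_{e_m}
            cells = [M[r][c] for r in range(n) for c in range(n)
                     if square[r][c] == symbol]
            blocks.append(cells + [n * n + 2 + e_m])
    # (iv) the block made of the n+1 newly added integers
    blocks.append(list(range(n * n + 1, n * n + n + 2)))
    return blocks


def common_index(block_u, block_v):
    """Index k of the single t-polynomial-set that two different blocks share."""
    shared = set(block_u) & set(block_v)
    if len(shared) != 1:
        raise ValueError("blocks are identical or do not come from one FPP")
    return shared.pop()


def check_design(blocks, n):
    """True if the blocks form an FPP-(n^2+n+1, n+1, 1)."""
    points = n * n + n + 1
    if len(blocks) != points or any(len(set(b)) != n + 1 for b in blocks):
        return False
    occurrences = {k: 0 for k in range(1, points + 1)}
    for block in blocks:
        for k in block:
            if k not in occurrences:
                return False
            occurrences[k] += 1
    # Every index must occur in exactly n+1 blocks ...
    if any(count != n + 1 for count in occurrences.values()):
        return False
    # ... and any two distinct blocks must meet in exactly one index.
    return all(len(set(a) & set(b)) == 1 for a, b in combinations(blocks, 2))


if __name__ == "__main__":
    fpp = build_fpp(3)
    print("B_4  =", fpp[3])
    print("B_12 =", fpp[11])
    print("valid design:", check_design(fpp, 3))
    print("common index of B_4 and B_12:", common_index(fpp[3], fpp[11]))
```

The check that any two blocks meet in exactly one index is the property that lets two sensors from different blocks find exactly one common $t$-polynomial-set.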
In 76, a sensor $u$ is identified by the concatenation of three numbers $i$, $i_p$ and , where $1 \le i \le n^2+n+1$, $1 \le i_p \le N'/(n+1)$ and $1 \le e_m \le n$. The first number, $i$, identifies the block $B_i \in$ FPP according to which $u$'s $t$-polynomial-set shares are selected; the second number identifies the order $i_p$ in which the $t$-polynomial-set shares of $B_i$ were distributed to $u$; and the third number identifies the element of the Latin square $L_i$ from which $B_i$ is derived. This ID uniquely identifies sensor $u$ and allows the common $t$-polynomial-set share and the $t$-polynomial-set share evaluation point to be discovered much more efficiently than with the simple ID.
In 78, the $t$-polynomial-set share is discovered for the optimized sensor ID. In 80, the $t$-polynomial share evaluation point is derived for the optimized sensor ID.
Fig. 5 shows a method 100 of discovering the common $t$-polynomial-set share by using the information contained in the optimized sensor ID. In 102, the optimized sensor ID allows sensor node $u$ to compute the indices of its own $t$-polynomial-set shares and of those of its partner node $v$. In 104, by comparing this information, node $u$ can derive the index $k$, $1 \le k \le n^2+n+1$, of the $t$-polynomial-set share $F_k(p_u, y)$ it has in common with node $v$.
The indices of the $t$-polynomial-set shares carried by sensor $u$ map one-to-one to the elements $\{b_{i,1}, b_{i,2}, \dots, b_{i,n+1}\}$ of $B_i \in$ FPP. As noted above, given $n$, the index $i$ of $B_i$ and the integer , it is possible to reconstruct $\{b_{i,1}, b_{i,2}, \dots, b_{i,n+1}\} = B_i$ uniquely. Two cases must be distinguished here: in 106, the blocks $B_i$, $1 \le i \le 2n$, and , whose reconstruction is easy. Alternatively, in 108, the blocks $B_i$, $2n < i \le n^2+n$, whose reconstruction is also simple but requires the following analysis. In 108, it is known from step (iii) of the affine plane construction (in step 54 from Fig. 3 a) that the elements $\{b_{i,1}, b_{i,2}, \dots, b_{i,n+1}\}$ of $B_i$ are taken from the positions in $M$ marked by the $2n$ coordinates $(i_1, j_1), (i_2, j_2), \dots, (i_n, j_n)$, where  appears in . Thus, once these coordinates are determined, the elements of $B_i$ are obtained. In 110, $e_m$ is derived directly from the index $i$; it identifies the Latin square used to select $n$ of the elements of $B_i$. In 112, the positions of the element  determine a transversal in , so that it occurs once in every row of . Thus,  appears at positions $(1, j_1), (2, j_2), \dots, (n, j_n)$. Assuming  and $e_m$ are known, equation 1 gives:
……
In 114, these equations are solved, which yields a vector $V$ of $n$ different values. As already noted, the elements $e_1, e_2, \dots, e_n$ of $F_n$ are used in order to compute each element of the matrix, i.e. element $e_1$ is used to compute the elements at positions $\{(1,1), (2,1), (3,1), \dots, (n,1)\}$, element $e_2$ is used to compute the elements at positions $\{(1,2), (2,2), (3,2), \dots, (n,2)\}$, and so on. In other words, each value  determines the coordinates $(1, j_1), (2, j_2), \dots, (n, j_n)$ at which  appears; for example, if  for $i_3 = 3$, then $j_3 = 2$ ( appears at $(1, j_1), (2, j_2), (3, 2), \dots, (n, j_n)$).
Finally, in 116, these coordinates are mapped to elements of the matrix $M$, which directly determines $n$ of the $n+1$ elements of $B_i$. At this point, a block of the affine plane has been obtained. Adding the integer $n^2+2+e_m$ to this block yields the block $\{b_{i,1}, b_{i,2}, \dots, b_{i,n+1}\} = B_i$. Generating a block of the FPP in this way requires (at most) $n$ additions and $n$ multiplications in $F_n$.
Fig. 6 illustrates a method 130 of deriving the $t$-polynomial-set share evaluation point. To derive the point $p_v$ at which node $u$ evaluates its share $F_k(p_u, y)$ to generate the key $K_{uv}$, node $u$ must follow a simple procedure made possible by the properties of the FPP.
As noted above, $i_p$ is the order of node $v$ in the distribution of $t$-polynomial-set shares according to block $B_i \in$ FPP, $1 \le i \le n^2+n+1$. Assume that a share of the $t$-polynomial-set $F_k(x, y)$ is distributed to $v$. The procedure described below allows the point $p_v \in F_{q'}$ to be derived at which $v$'s share $F_k(p_v, y)$ is evaluated. Assume , where $s_k$ quantifies the number of occurrences of $F_k(x, y)$ in the blocks $B_j \in$ FPP, $j = 1 \dots i$.
In 132, because the FPP is constructed from MOLS, its first $n^2$ elements each occur once in every group of $n$ subsequent blocks $B_{1+t}, B_{2+t}, \dots, B_{n+t}$, $t = 0, n, 2n, 3n, \dots, n \times n$. Then, in 134, given the block index $i$, $1 \le i \le n^2+n$, and the $t$-polynomial-set index $k$, $k \le n^2$, it is easy to derive its occurrence counter $s_k$, . Each element of the form $k = n^2+j$, $j = 1 \dots n+1$, occurs $n$ times in the group of blocks $B_{i+n(j-1)}$, $i = 1 \dots n$. In this case, $s_k = i - n(j-1)$. In 136, the elements $k = n^2+j$, $j = 1 \dots n+1$, of block  occur $n+1$ times in the FPP. Therefore, given the $t$-polynomial-set index $k$, the block index $i$ and the order $n$ of the FPP, node $u$ can directly derive the point $p_v$ at which to evaluate the share $F_k(p_u, y)$ it has in common with node $v$.
Unlike earlier random key pre-distribution methods, these embodiments allow two randomly selected sensor nodes to directly find a common key with which to authenticate, independently of the size and density of the BSN (or neighborhood, in DSN terms). Additionally, sensor nodes can roam between different BSNs and still authenticate and/or establish secure communication. The security of a BSN is established without requiring the active or conscious participation of the BSN's users.
Operational key management
Figs. 7 and 8 illustrate a system 150, which comprises a security server 152, a set-up server 154, a plurality of wireless sensors 156, 158, 160, 162, 164, 166, 168, 170, a plurality of body sensor networks 172, 174, 176 and mobile base stations 178 and 180. Fig. 7 shows the system 150 before the sensors 156-170 are deployed. Fig. 8 shows the system 150 after the sensors have been deployed. In one example, the security server 152 and/or the set-up server 154 are dedicated servers for security. The security server 152 is a server dedicated to security that actively participates in security operations both before and after the sensors are deployed. The set-up server 154 is a server dedicated to security that actively participates in security operations only before the sensors are deployed. After the sensors 156-170 and the base stations 178, 180 have been deployed, it has a continuous or occasional connection exclusively to the base stations. As shown in Fig. 8, once deployed, the sensors 156-170 are not connected to the security server 152. As shown in Fig. 7, the mobile base stations 178, 180 and the sensors 156-170 can be connected to the set-up server 154 only in the pre-deployment phase (the initial configuration of these devices before use).
The wireless sensors 156-170 are responsible for collecting and transmitting patient medical data. In one example, sensor 156 can establish wireless connections to an arbitrary second sensor 158 and/or to base station 180. Sensor nodes are constrained in memory, battery and CPU. In a hospital, there may be thousands of sensors. One or more BSNs are sets of wirelessly networked sensor nodes. The nodes of a BSN can be attached to one or more patients. A BSN is typically bandwidth-constrained. In a hospital, there may be hundreds or thousands of BSNs (e.g. one BSN per patient). The mobile base stations (BS) 178, 180 are mobile devices used to access the data on BSNs and to configure BSNs. A BS is typically a device with moderate resources and power. In a hospital, there may be hundreds or thousands of BSs.
The operational key management solution consists of the following methods:
1. Key pre-distribution. The set-up/security server distributes basic keying material to each sensor according to a basic key pre-distribution scheme, and to each mobile base station by a different approach. This is done in a configuration phase before the sensors or base stations are deployed, e.g. in a hospital.
2. Pre-distributed key certification. An arbitrary BS accesses the sensors forming an arbitrary BSN in order to distribute a key certificate $KC_l$, which validates the keying material pre-distributed in the previous step for a given future interval $I_l$.
3. Key establishment. Two arbitrary sensors $u$ and $v$ generate a unique pairwise key $K_{uv}$ by using the pre-distributed keying material and a valid key certificate.
Basic key pre-distribution schemes
Different complete methods can be adopted to implement a symmetric key pre-distribution scheme (the schemes of Blom or Blundo et al., or DPKPS), which can be used as the underlying framework of the schemes described below.
Fig. 9 shows a key pre-distribution method 230 that employs Blom's symmetric key pre-distribution scheme. Blom's scheme allows any pair of nodes in a network to derive a pairwise key. Based on the work of Du et al. (A pairwise key pre-distribution scheme for wireless sensor networks. In Proc. of the 10th ACM Conference on Computer and Communications Security (CCS), 2003, pp. 42-51), the present embodiment adds slight modifications to Blom's original scheme to make it suitable for BSNs.
Blom's scheme can be used as follows. During the pre-deployment phase, in 232, the set-up server constructs a $(\lambda+1) \times N$ matrix $G$ over a finite field $F_q$, where $N$ is the size of the group of interoperable nodes that may meet in different BSNs and $q$ is a number large enough to accommodate a cryptographic key. $G$ is considered public information: any sensor, including potentially malicious users, may know the contents of $G$. In 234, the set-up server creates a random secret $(\lambda+1) \times (\lambda+1)$ symmetric matrix $D$ over $F_q$ and, in 236, computes the $N \times (\lambda+1)$ matrix $A = (DG)^T$, where $(DG)^T$ is the transpose of the matrix $DG$. Since $D$ is symmetric, $K = AG$ is a symmetric matrix. Therefore $K_{uv} = K_{vu}$, where $K_{uv}$ is the element of $K$ in the $u$-th row and $v$-th column. $K_{uv}$ (or $K_{vu}$) is used as the pairwise key between node $u$ and node $v$. Finally, for $k = 1, 2, \dots, N$, the set-up server distributes:
1. in 238, the $k$-th row of matrix $A$ to node $k$, and
2. in 240, the $k$-th column of matrix $G$ to node $k$. Alternatively, to save storage, the seed $G(k)$ that generates the $k$-th column of matrix $G$ can be distributed to node $k$.
In 242, it is determined whether seeds have been distributed. If not, then after the deployment phase, in 242, when nodes $u$ and $v$ need to find the pairwise key between them, they first exchange their columns of $G$. Alternatively, in 244, if seeds have been distributed, nodes $u$ and $v$ exchange seeds and compute the other node's column of $G$. Then, in 246, nodes $u$ and $v$ can compute $K_{uv}$ and $K_{vu}$ respectively by using their private rows of $A$. Because $G$ is public information, its columns (or seeds) can be sent in plaintext.
Alternatively, as shown in Fig. 10, a method 250 uses the Blundo scheme for key pre-distribution. Blundo et al. propose a polynomial-based key distribution protocol to derive group keys. For groups of two users, Blundo's scheme is a special case of Blom's scheme with a notable advantage: there is no communication overhead during pairwise key establishment. The special case of polynomial-based pairwise key establishment in the BSN context is discussed below.
In 252, the set-up server randomly generates a bivariate polynomial of degree $\lambda$ over a finite field $F_q$ such that it has the property $f(x, y) = f(y, x)$, where $q$ is a prime number large enough to accommodate a cryptographic key. It is assumed that each sensor has a unique identifier (ID). In 254, the set-up server computes the polynomial share of each sensor $u$ and distributes it to that sensor.
In 256, for any two sensor nodes $u$ and $v$, node $u$ can compute the common key $K_{uv} = f(u, v)$ by evaluating $f(u, y)$ at point $v$, and node $v$ can compute the same key $K_{vu} = f(v, u) = f(u, v)$ by evaluating $f(v, y)$ at point $u$. The security proof in the paper by Blundo et al. guarantees that this scheme is unconditionally secure and $\lambda$-collusion resistant. In other words, a collusion of no more than $\lambda$ compromised sensor nodes learns nothing about the pairwise key between any two non-compromised nodes.
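The Blom exchange (232-246) and the Blundo share evaluation (252-256) side by side, as an added example that is not part of the patent text. It assumes the public column of $G$ for a node with seed $s$ is $(1, s, s^2, \dots, s^\lambda)$ and that $f(x, y) = \sum D_{ij} x^i y^j$; the field size and all function names are illustrative choices.

```python
"""Blom's matrix scheme and Blundo's polynomial scheme for pairwise keys.

Assumptions (added example): the field is the integers modulo the prime
Q = 2**61 - 1, node seeds/IDs are distinct non-zero integers below Q, and the
public column of G for seed s is (1, s, s^2, ..., s^lam).
"""
import secrets

Q = 2**61 - 1


def random_symmetric(lam, q=Q):
    """Secret symmetric (lam+1) x (lam+1) matrix D kept by the set-up server."""
    D = [[0] * (lam + 1) for _ in range(lam + 1)]
    for i in range(lam + 1):
        for j in range(i, lam + 1):
            D[i][j] = D[j][i] = secrets.randbelow(q)
    return D


def g_column(seed, lam, q=Q):
    """Public column of G that a node can rebuild from a peer's seed."""
    return [pow(seed, e, q) for e in range(lam + 1)]


def blom_private_row(D, seed, q=Q):
    """Row of A = (DG)^T for the node whose column of G comes from `seed`."""
    lam = len(D) - 1
    col = g_column(seed, lam, q)
    return [sum(D[i][j] * col[j] for j in range(lam + 1)) % q
            for i in range(lam + 1)]


def blom_key(own_row, peer_seed, q=Q):
    """K_uv: own private row of A times the peer's public column of G."""
    col = g_column(peer_seed, len(own_row) - 1, q)
    return sum(a * g for a, g in zip(own_row, col)) % q


def blundo_share(D, u, q=Q):
    """Coefficients in y of the share f(u, y), f(x, y) = sum D[i][j] x^i y^j."""
    lam = len(D) - 1
    return [sum(D[i][j] * pow(u, i, q) for i in range(lam + 1)) % q
            for j in range(lam + 1)]


def blundo_key(share, v, q=Q):
    """K_uv = f(u, v): Horner evaluation of the stored share at the peer ID."""
    acc = 0
    for coeff in reversed(share):
        acc = (acc * v + coeff) % q
    return acc


if __name__ == "__main__":
    D = random_symmetric(lam=3)
    u, v = 11, 23
    print(blom_key(blom_private_row(D, u), v) == blom_key(blom_private_row(D, v), u))
    print(blundo_key(blundo_share(D, u), v) == blom_key(blom_private_row(D, u), v))
```

With this choice of $G$ the Blom row of a node and its Blundo share are the same vector, which is the sense in which the polynomial scheme is a special case; the only difference is that the peer's column is recomputed from its ID instead of being received.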
As a preferred alternative, DPKPS can be used to initially pre-distribute pairwise keys to the sensors.
An active method is used to foster trust in the keys and to control their use, thereby reducing the impact of compromised nodes; the keys are pre-distributed by any of the basic key pre-distribution schemes.
It is assumed that the lifetime of all sensor nodes is divided into $n+1$ common long intervals of duration $T$, denoted $I_0, I_1, I_2, \dots, I_n$, and that the sensor nodes are all loosely synchronized to a global reference time, even when the sensors are attached to different BSNs.
Fig. 11 illustrates a methodology 260 for certifying pre-distributed keys, and is a summary of the key certification methods in Figs. 12-15 below. In 262, during each time interval $I_{l-1}$, a mobile base station (BS) occasionally contacts the sensors (wherever they are located); in 264, it tests the integrity of each sensor and then, in 266, distributes a key certificate $KC_l$ to each non-compromised sensor node. In 268, the key certificate $KC_l$ validates the integrity of the sensor's pre-distributed keys for a single interval $I_l$, i.e. the pre-distributed keys are valid during time interval $I_l$. Similarly, in 270, a compromised node $u$ does not receive the key certificate $KC_l$, and its pre-distributed keys are thereby revoked.
In the following, a series of methods 280, 310, 330 and 370 is presented; each later scheme improves on the preceding one by addressing some of its shortcomings. The methods 280, 310, 330 and 370 differ in the level of connectivity among base stations and between base stations and the security server. The methods also differ in how key certificates are generated or agreed upon.
Fig. 12 shows a methodology 280 for centrally issuing global key certificates. In this part, the security server resides in a secure place different from the BSN deployment area. As noted above, the security server is a server dedicated to security that actively participates in security operations both before and after the sensors are deployed. The set-up server is a server dedicated to security that actively participates in security operations only before the sensors are deployed. Consequently, the set-up server remains offline after the sensors have been deployed. It is further assumed that one or more mobile base stations are occasionally and briefly present in a BSN. The base stations also contact the security server occasionally. Because base stations are expensive nodes, they use tamper-resistant hardware and are not constrained in computing power or memory. The number of mobile base stations is thus much smaller than the number of sensor nodes. Because base stations are typically not left unattended and are only occasionally present in the BSN deployment area, they are not prone to capture or compromise.
Because sensor nodes are mobile, a base station cannot be assumed to always be within wireless range of a BSN (e.g. a patient with several sensors attached takes a walk through the hospital garden). However, since the purpose of a BSN is to collect data to be delivered to an end user, it is assumed that the BSN will occasionally be within wireless range of a base station. This is an important requirement for BSNs, since otherwise the limited memory of sensor nodes could cause the information they collect to be lost. The drawbacks of using static dedicated servers for sensor network security are well known. For example, an adversary may attempt to mount a denial-of-service (DoS) attack on the dedicated server. These drawbacks disappear if the dedicated server is replicated, mobile and not always present in the BSN. In a BSN environment, the presence of mobile base stations is assumed. For example, a doctor downloads data from a patient's BSN in the garden by some means. In the following, the term base station refers to a mobile base station, which can be used for security purposes.
In 282, before deployment, the sensor nodes are initialized with a unique identifier and security data according to any of the basic key pre-distribution schemes (the schemes of Blom or Blundo et al., or DPKPS). The basic key pre-distribution scheme is not used to provide pairwise keys between sensor nodes and base stations, to avoid the risk that a collusion of $\lambda$ compromised nodes could impersonate a base station. Furthermore, sharing a group key between a base station $BS_i$ and the sensor nodes is not recommended, because the compromise of a single node would compromise the security of the remaining nodes and thereby make base station $BS_i$ unusable for security operations. Instead, in 284, for each base station $BS_i = 1, \dots, M$ and each sensor node $u = 1, \dots, N$, $N \gg M$, the security server randomly picks and distributes a pairwise key $K_{u,BS_i}$ according to a trivial key pre-distribution scheme. This scheme allows each sensor node to communicate securely with base station $BS_i$. It is unconditionally secure, and the additional storage required in the nodes is only $M \times \log q$. Finally, in 286, the security server produces a key chain $K_0, K_1, \dots, K_n$ of $n+1$ elements by randomly picking a secret $K_n$ and generating $K_k = F(K_{k+1})$, $k = 0, 1, \dots, n-1$, where $F$ is a pseudo-random function. In 288, the security server distributes the initial element $K_0$ of this key chain to each sensor node $u = 1, \dots, N$. Using the pseudo-random function $F$, given $K_k$ of the key chain, any sensor node can compute the previous keys $K_m$, $0 \le m \le k$, but cannot compute the later keys $K_m$, $k+1 \le m \le n$. Therefore, with knowledge of the initial key $K_0$, a sensor node can authenticate any key in the key chain merely by performing pseudo-random function operations. The second element of the key chain, $K_1$, is initially distributed to each base station $BS_i$.
The base stations play a role similar to that of delegated certification authorities of a public-key infrastructure, with the security server as the trusted root. In 290, a base station distributes a key certificate (KC) to non-compromised nodes, which validates their pre-distributed keys for a limited period of time $T$. After the time period $T$, a node's pre-distributed keys are no longer valid. The elements $K_0, K_1, \dots, K_n$ of the key chain are used in order as the key certificates for the respective time intervals $I_1, I_2, \dots, I_n$. In the following, the elements of the key chain are referred to as key certificates $KC_0, KC_1, \dots, KC_n$.
In 292, during time interval $I_l$, each base station $BS_i$ will occasionally contact the security server. Because base stations and the security server are powerful nodes, they can protect their communication with public-key cryptography. The security server gives the next key certificate $KC_{l+1}$ to each base station $BS_i$, $BS_i = 1, \dots, M$. It should be noted that in the rare event that a base station is compromised, only one certificate is compromised, which does not endanger the disclosure of further key certificates; a compromised base station cannot compute the next key certificate by itself. Because the base station will not be able to contact the security server in the next time interval $I_{l+1}$, the compromise of a base station is easily detected. Consequently, in the intervals following the interval of compromise, the compromised base station will not obtain key certificates. In this case, however, the remaining base stations should notify all sensor nodes of the identity of the compromised base station $BS_i$. Each sensor node $u$ will erase the key $K_{u,BS_i}$ it shares with $BS_i$, thereby removing $BS_i$ from its list of trusted base stations.
i l during this time, at least one base station arbitrarily
bSito contact with BSN once in a while and momently.In 296, by using suitable key
k u,
bSi , base station
bSito identify and set up and form each not secure communication of impaired sensor node of a BSN part.In 298, base station will with the time interval
i l+ 1
corresponding key certificate
kC l+ 1
distribute to the sensor node that each has been identified.The 3rd, sensor node will be checked
h(
k l+ 1
) equal to have stored
k l .In disadvantageous situation, sensor node can be inferred base station reliably
bSiimpaired, thus the key certificate that refusal is forged
kC'
l+ 1
.
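The key chain from 286-288 and the sensor-side check of a delivered certificate, as an added example that is not part of the patent text. It assumes SHA-256 as the one-way function and adds a hypothetical `max_skip` bound so that a sensor which missed some intervals can still catch up without unbounded hashing.

```python
"""One-way key chain used as key certificates, with the sensor-side check.

Assumptions (added example): SHA-256 plays the role of the chain function,
certificates are 32-byte values, and max_skip is an illustrative bound on how
many missed intervals a constrained sensor is willing to hash across.
"""
import hashlib
import hmac
import secrets


def F(value: bytes) -> bytes:
    """Chain function: K_k = F(K_{k+1})."""
    return hashlib.sha256(value).digest()


def make_key_chain(n: int, last: bytes = None) -> list:
    """Security server: pick K_n, derive the chain, return [K_0, ..., K_n]."""
    current = last if last is not None else secrets.token_bytes(32)
    chain = [current]
    for _ in range(n):
        current = F(current)
        chain.append(current)
    chain.reverse()
    return chain


class SensorNode:
    """Stores the latest authenticated chain element, starting with K_0."""

    def __init__(self, k0: bytes, max_skip: int = 8):
        self.trusted = k0
        self.interval = 0
        self.max_skip = max_skip

    def accept_certificate(self, cert: bytes, interval: int) -> bool:
        """Accept cert for `interval` only if hashing it leads to the stored value."""
        steps = interval - self.interval
        if steps <= 0 or steps > self.max_skip:
            return False                  # stale, replayed, or too far ahead
        value = cert
        for _ in range(steps):
            value = F(value)
        if not hmac.compare_digest(value, self.trusted):
            return False                  # forged certificate: keep old state
        self.trusted, self.interval = cert, interval
        return True


if __name__ == "__main__":
    chain = make_key_chain(5)
    node = SensorNode(chain[0])
    print(node.accept_certificate(chain[1], 1))        # genuine KC_1
    print(node.accept_certificate(b"\x00" * 32, 2))    # forged KC'_2
    print(node.accept_certificate(chain[3], 3))        # interval 2 was missed
```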
In 300, a key is established. If two nodes need to establish a pairwise key, they first derive the pairwise key as explained above. They then check that both hold a valid key certificate from a base station $BS_i$. The key certificate verification process carried out by two sensor nodes $u$ and $v$ must be secure, to prevent a malicious user from obtaining a valid key certificate. Therefore, the process cannot require the nodes first to exchange their respective key certificates and then to verify them by checking internally that each certificate was issued for the current time interval $I_l$ and that it can be authenticated with the initial key $K_0$ of the key chain (or with a derived authenticated key $K_m$; $m < l$). Instead, both sensor nodes run a zero-knowledge (ZK) protocol to prove that both hold a valid certificate without actually disclosing it. The ZK protocol is given as follows:
In (1), node $u$ sends a self-generated nonce $N_u$ to node $v$. In (2), node $v$ sends a self-generated nonce $N_v$ to node $u$. In (3), $u$ uses the key certificate $KC_l$ and the two nonces $N_u$ and $N_v$ to compute a message authentication code (MAC). Both nonces must be included in messages (3) and (4) to avoid a reflection attack, i.e. $v$, without knowing $KC_l$, tricking $u$ into computing a $K_{ZNP}$ that $v$ can then use to run the ZK protocol successfully with a third node $w$. Using a similar procedure, in (4) $v$ computes the corresponding ZK protocol key $K_{ZNPvu}$. It should be noted that $K_{ZNPuv} \ne K_{ZNPvu}$. The two ZK protocol keys must be different, to prevent $v$, without knowing $KC_l$, from simply replaying message (7) to run the ZK protocol successfully. In (5), $u$ uses the pairwise key $K_{uv}$ to compute the MAC of $K_{ZNPuv}$. In (6), $v$ uses the pairwise key $K_{vu}$ to compute the MAC of $K_{ZNPvu}$. These two steps are indispensable in order to bind knowledge of $KC_l$ to $u$ and $v$ respectively. They also prevent an attacker from eavesdropping on the messages exchanged in (7) and (8). Finally, $u$ verifies that $v$ knows $KC_l$: following the steps carried out by $v$ in (4) and (7), $u$ can compute a piece of information to compare with the information received from $v$ in (8). Node $v$ can verify $u$'s knowledge of $KC_l$ by a similar procedure. It should be noted that, because the messages exchanged in (7) and (8) are MACs computed with information stored internally by nodes $u$ and $v$ respectively, and no further information is disclosed, no information about $KC_l$ is revealed.
Fig. 13 shows a methodology 310 for providing centrally agreed global key certificates. The method of Fig. 12 has a serious drawback for some applications: in these applications, requiring the base stations $BS_i$ to contact the security server may be infeasible. In many applications, however, the base stations will have occasional mutual interconnection for some time before the next visit to a BSN, for example to exchange globally the information collected in different BSNs. Method 310 exploits this fact.
In method 310, it is assumed that the off-line set-up server resides in a secure location different from the BSN deployment area. It is also assumed that a number of mobile base stations $BS_i$, $i = 1, \dots, m$, exist that are occasionally and briefly present in a BSN. In method 310, however, these base stations do not occasionally contact the set-up server after the deployment phase. Instead, they occasionally and briefly interconnect with one another. The other assumptions about base stations discussed in method 280 also hold in method 310.
In 312, before deployment, the sensor nodes are initialized with a unique identifier and security material according to any one of the basic key pre-distribution schemes described. In 314, for each base station $BS_i$, $i = 1, \dots, m$, and each sensor node $u = 1, \dots, n$, $n \gg m$, the security server randomly selects and distributes a pairwise key $K_{u,BS_i}$ according to a conventional key pre-distribution scheme.
The base stations have a role similar to that of interconnected certification authorities in a public-key infrastructure. In 316, the base stations issue key certificates to uncompromised nodes; a key certificate makes a node's pre-distributed keys valid for a limited time period $T$. After the time period $T$, the node's pre-distributed keys are no longer valid. In 318, during time interval $I_{l-1}$, the base stations occasionally interconnect with one another. Because the base stations are powerful nodes, they can protect their communication with public-key cryptography. In 320, the base stations agree on the key certificate $KC_{l+1}$ for the corresponding time interval $I_{l+1}$.
During time interval $I_l$, at least one arbitrary base station $BS_i$ will occasionally and briefly contact a BSN. In 322, base station $BS_i$ uses the appropriate keys $K_{u,BS_i}$ to authenticate, and establish secure communication with, each uncompromised sensor node that forms part of the BSN. In 324, the base station distributes the key certificate $KC_{l+1}$ corresponding to time interval $I_{l+1}$ to each authenticated sensor node.
After time interval $I_l$, each base station $BS_i$ discards the key certificate $KC_{l+1}$. A base station $BS_i$ therefore keeps a key certificate $KC_{l+1}$ for at most two time intervals, $I_{l-1}$ and $I_l$. Note that in the rare case that a base station is compromised, only the two key certificates $KC_l$ and $KC_{l+1}$ are compromised. This does not endanger the disclosure of further key certificates: the compromised base station cannot predict the key certificate that follows $KC_{l+1}$. Because the base station cannot contact the security server in the next time interval $I_{l+1}$, the compromise of a base station is easily detected. In this case, however, the remaining base stations should notify all sensor nodes of the identity of the compromised base station $BS_i$ and, if possible, distribute a renewed key certificate $KC^{renewed}_{l+1}$ for the then-current time interval $I_{l+1}$. Each sensor node $u$ erases the key $K_{u,BS_i}$ that it shares with $BS_i$, thereby removing $BS_i$ from its list of trusted base stations.
In 326, keys are established. If two nodes need to establish a pairwise key, they first derive the pairwise key as explained above. They then check that both hold a valid key certificate by running the ZK protocol as explained in method 280.
Figure 14 shows a methodology 330 that allows partial agreement on global key certificates. For some applications, method 300 has a serious drawback: in those applications, requiring all base stations $BS_i$ to interconnect with one another during time interval $I_l$ may be infeasible. Nevertheless, base stations will certainly interconnect occasionally in groups some time before the next visit to a BSN, for example to exchange the information collected in different BSNs. Method 330 exploits this fact.
In 332, before deployment, the sensor nodes are initialized with a unique identifier and security material according to any one of the basic key pre-distribution schemes described. In 334, for each base station $BS_i$, $i = 1, \dots, m$, and each sensor node $u = 1, \dots, n$, $n \gg m$, the set-up server randomly selects and distributes a pairwise key $K_{u,BS_i}$ according to a conventional key pre-distribution scheme. In 336, the security server generates a secret $S$. In 338, the set-up server generates $m$ shares $S_1, S_2, \dots, S_m$ from the secret $S$ according to a $(t, m)$ threshold scheme ($t \le m$) and securely distributes $S_i$ to each base station $BS_i$. Any $t$ or more base stations that pool their shares can easily recover $S$, but any group of base stations that knows only $t-1$ or fewer shares cannot. Note that in the special case $t = 1$, each base station $BS_i$ holds the actual secret $S$.
In this particular approach, the base stations have a role similar to that of interconnected certification authorities in a public-key infrastructure. In 340, the base stations issue key certificates to uncompromised nodes; a key certificate makes a node's pre-distributed keys valid for a limited time period $T$. After the time period $T$, the node's pre-distributed keys are no longer valid.
In 342, during time interval $I_{l-1}$, the base stations $BS_i$ occasionally interconnect securely, forming small non-interconnected groups $G_g$: $G_1, G_2, \dots$, $g < m$. Each base station $BS_i$ is connected to at least one group $G_g$. Therefore, the number of members of each group is , where is the largest natural number $y$ less than or equal to $x$. A group $G_g$ can be written as $G_g = \{G_{g_1}, \dots, G_{g_k}\}$; $k = |G_g|$. For example, with $m = 7$ base stations and $g = 3$, $|G_g| \ge 2$ and a possible group arrangement is $G_1 = \{BS_2, BS_3, BS_6\}$, $G_2 = \{BS_1, BS_4, BS_5\}$ and $G_3 = \{BS_1, BS_7\}$. Note that for group $G_3$, $|G_3| = 2$, $G_{g_1} = BS_1$ and $G_{g_2} = BS_7$. A necessary condition that follows is that $|G_g| \ge t$ for all $g$. In 344, the members $G_{g_1}, \dots, G_{g_k}$ of group $G_g$ pool their shares $S_{G_{g_1}} \dots S_{G_{g_k}}$ to compute $S$. Each group member then independently computes the key certificate $KC_{l+1}$ for the corresponding interval $I_{l+1}$ by solving $KC_{l+1} = F(S, l+1)$. Finally, each group member discards $S$.
During time interval $I_l$, at least one arbitrary base station $BS_i$ will occasionally and briefly contact a BSN. In 346, base station $BS_i$ uses the appropriate keys $K_{u,BS_i}$ to authenticate, and establish secure communication with, each uncompromised sensor node that forms part of the BSN. In 348, the base station distributes the key certificate $KC_{l+1}$ corresponding to time interval $I_{l+1}$ to each authenticated sensor node. As in method 300, after time interval $I_l$ each base station $BS_i$ discards the key certificate $KC_{l+1}$.
In 350, keys are established. If two nodes need to establish a pairwise key, they first derive the pairwise key as explained in method 300. They then check that both hold a valid key certificate by running the ZK protocol as explained in method 270.
Figure 15 shows a methodology 370 that allows distinct key certificates to be agreed locally. Method 330 is a significant operational improvement over methods 270 and 300: each small subset of the base stations manages key certificates independently, without having to contact the set-up server. Moreover, in the rare case that a base station is compromised, the security of all the BSNs is not compromised for the remainder of the time interval.
An important advantage of the preceding schemes is that, during time interval $I_l$, all sensor nodes can authenticate one another and/or establish secure communication independently of their mobility: during time interval $I_l$ a sensor node can roam through different BSNs and still communicate securely in all of them. In other words, methods 270, 300 and 330 allow nodes in different BSNs to be logically and securely interconnected through a single security domain. This in turn has a conflicting effect on security: an undetected compromised node can still connect to a BSN for the remainder of the interval $I_l$ in which it was compromised, because it holds $KC_l$, and, if it holds $KC_{l+1}$, possibly also during the next interval $I_{l+1}$. It should be understood that a compromised node cannot deceive a base station. The only way a compromised node can obtain $K_{l+1}$ is therefore to have received it before being compromised.
In some sensor applications, however, this system vulnerability is not so serious. Consider applications in which the sensors have very low mobility. Imagine, for example, a group of sensors attached to a human body. The body itself is naturally mobile, but the attached sensors do not move relative to one another.
In method 370, the BSNs are not logically and securely interconnected by all sharing the same key certificate $KC_l$. Instead, in this embodiment different BSNs can have different key certificates $KC^1_l, KC^2_l \dots KC^m_l$, which separate the sensor nodes belonging to one BSN from the remaining nodes belonging to BSNs with different key certificates $KC^i_l$ and $KC^j_l$, $i \neq j$. In other words, all sensors now belong to different and dynamic security domains, each security domain being determined by the key certificate agreed upon by a group of base stations. In a given time interval $I_l$, two sensor nodes can communicate securely if and only if they belong to the same security domain.
In 372, keys are pre-distributed as described in method 330. In 374, key certificates are pre-distributed. The base stations have a role similar to that of root certification authorities in a public-key infrastructure. In 376, the base stations issue key certificates to uncompromised nodes; a key certificate makes a node's pre-distributed keys valid for a limited time period $T$. After the time period $T$, the node's pre-distributed keys are no longer valid. The key certificates $KC^{BS_i}_l$ and $KC^{BS_j}_l$ from different base stations $BS_i$ and $BS_j$, $i \neq j$, may be unequal.
In 378, during time interval $I_{l-1}$, the base stations $BS_i$ occasionally interconnect securely, forming small non-interconnected groups $G_g$: $G_1, G_2, \dots$, $g < m$. Each base station $BS_i$ is connected to at least one group $G_g$. In 380, the members $G_{g_1}, \dots, G_{g_k}$ of group $G_g$ pool their shares $S_{G_{g_1}} \dots S_{G_{g_k}}$ to compute $S$. In 382, each group member independently computes the key certificate $KC^g_{l+1}$ for the corresponding interval $I_{l+1}$ by solving $KC^g_{l+1} = F(S, N_{G_g l})$, where $N_{G_g l}$ is a nonce specific to group $G_g$ for the corresponding interval $I_{l+1}$. In 384, each group member discards $S$.
In 386, during time interval $I_l$, at least one arbitrary base station $BS_i$ will occasionally and briefly contact a BSN. In 388, base station $BS_i$ uses the appropriate keys $K_{u,BS_i}$ to authenticate, and establish secure communication with, each uncompromised sensor node that forms part of the BSN. In 390, the base station distributes the key certificate $KC^g_{l+1}$ corresponding to time interval $I_{l+1}$ to each authenticated sensor node. As in the preceding schemes, after time interval $I_l$ each base station $BS_i$ discards the key certificate $KC^g_{l+1}$.
Method 370 has three special cases. First, if each base station $BS_i$ is allowed to join only one group $G_g$, it derives only a single key certificate $K^g_{l+1}$. The effect is that there are as many different security domains as there are groups $G_g$. In the special case $t = 1$, each base station $BS_i$ forms its own group $G_i$, so that there are as many different security domains as there are base stations $BS_i$. Second, if a base station $BS_i$ is allowed to join $n$ different groups $G_1, G_2 \dots G_n$, $1 < n \le g$, it derives $n$ different key certificates $KC^1_{l+1}, KC^2_{l+1} \dots KC^n_{l+1}$. The effect is that there are different security domains, some of which are logically connected. Third, if all base stations interconnect into one and the same group, they all agree on the same key certificate, and the effect is a global security domain as in method 330.
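The share pooling and certificate derivation of steps 338 to 344 (method 330) and 380 to 382 (method 370), as an added Python sketch that is not code from the patent. Shamir secret sharing as the $(t, m)$ threshold scheme, HMAC-SHA256 as $F$, the field modulus and the sample nonces are assumptions; the group layout is the page's $m = 7$, $g = 3$ example.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime field modulus, chosen for this example


def make_shares(secret: int, t: int, m: int) -> dict:
    """(t, m) Shamir sharing: base station BS_i receives S_i = f(i), f(0) = S."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):      # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc

    return {i: f(i) for i in range(1, m + 1)}


def recover(shares: dict) -> int:
    """Lagrange interpolation at x = 0 over the pooled shares {i: S_i}."""
    total = 0
    for i, y_i in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y_i * num * pow(den, -1, P)) % P
    return total


def F(secret: int, label: bytes) -> bytes:
    """Assumed instantiation of F: HMAC-SHA256 keyed with S."""
    return hmac.new(secret.to_bytes(16, "big"), label, hashlib.sha256).digest()


# The page's example: G1 = {BS2, BS3, BS6}, G2 = {BS1, BS4, BS5}, G3 = {BS1, BS7}
GROUPS = {"G1": [2, 3, 6], "G2": [1, 4, 5], "G3": [1, 7]}


def group_certificates(shares, t, l, group_nonces=None, groups=GROUPS):
    """Each group pools its shares, recovers S, derives a certificate, drops S.

    group_nonces is None -> method 330: KC_{l+1}   = F(S, l+1)
    group_nonces given   -> method 370: KC^g_{l+1} = F(S, group nonce)
    """
    certs = {}
    for name, members in groups.items():
        if len(members) < t:            # necessary condition |G_g| >= t
            raise ValueError(f"{name} has fewer than t={t} members")
        s = recover({i: shares[i] for i in members})
        if group_nonces is None:
            label = (l + 1).to_bytes(4, "big")
        else:
            label = group_nonces[name]
        certs[name] = F(s, label)
        del s                           # group members discard S
    return certs


def certs_held_by(bs: int, certs: dict, groups=GROUPS) -> dict:
    """Certificates a base station derives: one per group it joined."""
    return {g: certs[g] for g, members in groups.items() if bs in members}


if __name__ == "__main__":
    S = secrets.randbelow(P)
    shares = make_shares(S, t=2, m=7)
    global_certs = group_certificates(shares, t=2, l=4)
    print("method 330, one domain:", len(set(global_certs.values())) == 1)
    nonces = {g: secrets.token_bytes(16) for g in GROUPS}  # constructed nonces
    local_certs = group_certificates(shares, t=2, l=4, group_nonces=nonces)
    print("method 370, domains:", len(set(local_certs.values())))
    print("BS1 bridges:", sorted(certs_held_by(1, local_certs)))
```

With per-group nonces, $BS_1$ ends up holding the certificates of both $G_2$ and $G_3$, which is the "logically connected" security domain case described above.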
In 392, keys are established. If two nodes need to establish a pairwise key, they first derive the pairwise key as explained in method 300. They then check that both hold a valid key certificate by running the ZK protocol as explained in method 270. Two sensor nodes with different key certificates cannot establish a key.
In method 370, a compromised sensor node cannot be used to attack sensors that hold a key certificate different from the one held by the compromised node. With method 370, however, sensor nodes with different key certificates cannot communicate securely within the same BSN. This key management system has improved resilience against node capture without relying on any global ID for the corresponding BSN, and it uses only slightly more sensor memory than the basic key pre-distribution schemes require.
The invention has been described above with reference to preferred embodiments. Modifications and alterations may occur to others upon reading and understanding the preceding detailed description. It is intended that the invention be construed as including all such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (7)
1. A method for identifying a first sensor in a mobile sensor system, comprising:
forming a finite projective plane $(n^2+n+1,\ n+1,\ 1)$ from a set of $n-1$ mutually orthogonal Latin squares of order $n$, wherein $n$ is a prime power;
finding a common $t$-polynomial-set share according to this finite projective plane; and
deriving, by a second sensor, a $t$-polynomial-set share evaluation point according to the identifier of the first sensor.
3. The method according to claim 1, wherein said finite projective plane is constructed by constructing a matrix $M$, the matrix $M$ being constructed by placing the $n^2$ integers 1 to $n^2$ in their natural order from the first row to the $n$-th row, wherein $n$ is a prime power.
4. The method according to claim 1, further comprising:
deriving a point $p_v$ at which node $u$ evaluates its $t$-polynomial-set share $f_k(p_u, y)$ to generate a key $K_{uv}$;
constructing said finite projective plane according to said mutually orthogonal Latin squares such that the first $n^2$ elements of the finite projective plane occur once in each group of $n$ subsequent blocks $B_{1+t}, B_{2+t}, \dots, B_{n+t}$, $t = 0, n, 2n, 3n, \dots, n \times n$; and
deriving an occurrence counter $s_k$ according to a block index $i$, $1 \le i \le n^2+n$, and a $t$-polynomial-set index $k$, $k \le n^2$, wherein $k$ is a positive integer and $n$ is a prime power.
6. The method according to claim 3, wherein an affine plane $AG(2, n)$ of order $n$ is generated according to said mutually orthogonal Latin squares, wherein (i) the first $n$ blocks $B_i$ are the rows of said matrix $M$, (ii) the next $n$ blocks are the columns of said matrix $M$, and (iii) the remaining $n^2 - n$ blocks are formed by sequentially superimposing each matrix on $M$ and taking as blocks the elements of said matrix $M$ that correspond to a single element in each matrix, wherein $n$ is a prime power.
7. A method for maximizing the scalability, resilience and performance of a wireless system, comprising:
evaluating $t$-polynomial-set shares associated with nodes in the wireless system;
distributing the $t$-polynomial-set shares to the evaluated nodes in the wireless system; and
pre-distributing, via a set-up server, a security key to a first node and a second node that communicate on the wireless system.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US68864805P | 2005-06-08 | 2005-06-08 | |
US60/688648 | 2005-06-08 | ||
CN2006800206760A CN101194459B (en) | 2005-06-08 | 2006-05-31 | Deterministic key pre-distribution for mobile body sensor networks |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2006800206760A Division CN101194459B (en) | 2005-06-08 | 2006-05-31 | Deterministic key pre-distribution for mobile body sensor networks |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103647641A (en) | 2014-03-19 |
CN103647641B (en) | 2017-07-11 |
Family
ID=37309129
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2006800206760A Expired - Fee Related CN101194459B (en) | 2005-06-08 | 2006-05-31 | Deterministic key pre-distribution for mobile body sensor networks |
CN201310505760.3A Expired - Fee Related CN103647641B (en) | 2005-06-08 | 2006-05-31 | The method of the scalability, elasticity and performance of identification sensor and maximization wireless system |
Country Status (6)
Country | Link |
---|---|
US (1) | US7999685B2 (en) |
EP (1) | EP1894340A2 (en) |
JP (1) | JP5255436B2 (en) |
CN (2) | CN101194459B (en) |
RU (1) | RU2420895C2 (en) |
WO (1) | WO2006131849A2 (en) |
2006
- 2006-05-31 WO PCT/IB2006/051741 patent/WO2006131849A2/en active Application Filing
- 2006-05-31 US US11/916,764 patent/US7999685B2/en not_active Expired - Fee Related
- 2006-05-31 JP JP2008515335A patent/JP5255436B2/en not_active Expired - Fee Related
- 2006-05-31 EP EP06745058A patent/EP1894340A2/en not_active Withdrawn
- 2006-05-31 CN CN2006800206760A patent/CN101194459B/en not_active Expired - Fee Related
- 2006-05-31 RU RU2007145416/09A patent/RU2420895C2/en not_active IP Right Cessation
- 2006-05-31 CN CN201310505760.3A patent/CN103647641B/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
JP2008543245A (en) | 2008-11-27 |
US7999685B2 (en) | 2011-08-16 |
CN103647641B (en) | 2017-07-11 |
CN101194459A (en) | 2008-06-04 |
WO2006131849A3 (en) | 2007-07-05 |
JP5255436B2 (en) | 2013-08-07 |
EP1894340A2 (en) | 2008-03-05 |
RU2007145416A (en) | 2009-06-20 |
WO2006131849A2 (en) | 2006-12-14 |
RU2420895C2 (en) | 2011-06-10 |
CN101194459B (en) | 2013-11-27 |
US20090167535A1 (en) | 2009-07-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20170711 Termination date: 20200531 |